Azure Role-based access control Skill
This skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.
25 stars
Best use case
Azure Role-based access control Skill is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
This skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.
Teams using Azure Role-based access control Skill should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/azure-rbac/SKILL.md --create-dirs "https://raw.githubusercontent.com/ComeOnOliver/skillshub/main/skills/MicrosoftDocs/Agent-Skills/azure-rbac/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/azure-rbac/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Azure Role-based access control Skill Compares
| Feature / Agent | Azure Role-based access control Skill | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
This skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Azure Role-based access control Skill This skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities. ## How to Use This Skill > **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file > **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md) This skill requires **network access** to fetch documentation content: - **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown. - **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown. ## Category Index | Category | Lines | Description | |----------|-------|-------------| | Troubleshooting | L35-L43 | Diagnosing and fixing Azure RBAC issues: access denials, role/condition misconfigurations, role limit errors, and auditing role/condition changes via Activity Log | | Best Practices | L44-L50 | Security-focused guidance on designing Azure RBAC: choosing scopes, delegating access with ABAC conditions, and applying least privilege and separation-of-duties best practices. | | Decision Making | L51-L58 | Guidance on choosing and migrating role models: moving from classic admins to RBAC, scaling with ABAC, selecting Azure vs Entra vs classic roles, and transferring subscriptions between directories. | | Limits & Quotas | L59-L64 | Designing and managing Azure RBAC custom roles, including understanding role structure, permissions, and step-by-step creation using the Azure portal | | Security | L65-L129 | Azure RBAC roles, permissions, and conditions: built-in role references by service, custom roles, ABAC/conditions, delegation, deny assignments, PIM, policy, and security/privileged access controls. | | Configuration | L130-L141 | Configuring Azure RBAC/ABAC: prerequisites, condition syntax, role assignments, built‑in vs custom roles, and creating/inspecting custom role definitions via CLI and PowerShell | | Integrations & Coding Patterns | L142-L158 | How to assign, list, and query Azure RBAC role assignments using portal, CLI, PowerShell, Bicep/ARM templates, REST API, and managed identities | ### Troubleshooting | Topic | URL | |-------|-----| | Audit Azure RBAC changes using Activity Log | https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report | | Resolve common issues with Azure RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq | | Troubleshoot Azure RBAC role assignment conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot | | Resolve Azure RBAC role and custom role limit issues | https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits | | Troubleshoot common Azure RBAC access issues | https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting | ### Best Practices | Topic | URL | |-------|-----| | Apply security-focused best practices for Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices | | Example patterns for delegating RBAC with ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples | | Choose appropriate Azure RBAC scopes for access | https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview | ### Decision Making | Topic | URL | |-------|-----| | Migrate from Azure classic administrators to RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators | | Scale Azure RBAC assignments using ABAC and attributes | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example | | Choose between Azure, Entra, and classic admin roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles | | Transfer Azure subscriptions between Entra directories | https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription | ### Limits & Quotas | Topic | URL | |-------|-----| | Understand and configure Azure RBAC custom roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles | | Create Azure custom roles in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal | ### Security | Topic | URL | |-------|-----| | Reference for all Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles | | Azure RBAC AI and ML built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning | | Azure RBAC analytics built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics | | Understand Azure RBAC built-in compute roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute | | Azure RBAC containers built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers | | Azure RBAC databases built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases | | Azure RBAC DevOps built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops | | Azure RBAC general built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general | | Use hybrid and multicloud RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud | | Azure RBAC identity built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity | | Azure RBAC integration built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration | | Azure RBAC IoT built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things | | Apply management and governance RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance | | Use Azure RBAC built-in roles for migration tasks | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration | | Assign Azure RBAC built-in roles for monitoring | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor | | Azure RBAC networking built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking | | Azure RBAC privileged built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged | | Azure RBAC security built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security | | Azure RBAC storage built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage | | Azure RBAC web and mobile built-in roles reference | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile | | Restrict blob read access using tags and ABAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes | | Manage Azure RBAC conditions using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli | | Configure Azure RBAC role assignment conditions in portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal | | Manage Azure RBAC conditions using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell | | Manage Azure RBAC conditions via REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest | | Define Azure RBAC conditions in ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template | | Define Azure custom roles using Bicep | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep | | Manage Azure custom roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli | | Manage Azure custom roles using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell | | Manage Azure custom roles via REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest | | Define Azure custom roles with ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template | | Delegate Azure RBAC role assignment management securely | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-overview | | Delegate Azure RBAC role management with ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal | | List and understand Azure RBAC deny assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments | | Elevate Global Administrator access to all subscriptions | https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin | | Use AI and machine learning RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning | | Use Analytics category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics | | Use Azure Compute RBAC permissions for custom roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute | | Use Containers category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers | | Use Databases category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases | | Use DevOps category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops | | Use General category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general | | Use hybrid and multicloud RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud | | Use Identity category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity | | Use Integration category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration | | Use IoT category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things | | Use management and governance RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance | | Use Migration category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration | | Use Monitor category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor | | Use Networking category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking | | Use Security category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security | | Use Storage category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage | | Use Web and Mobile Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile | | Use PIM for eligible and time-bound Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration | | Apply Azure RBAC built-in policy definitions | https://learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference | | Reference Azure resource provider permission operations | https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations | | Alert on privileged Azure RBAC role assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert | | Activate eligible Azure RBAC roles in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate | | Grant Azure RBAC access to external B2B users | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users | | Assign subscription Owner with constrained RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin | | Apply Azure Policy compliance controls to Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy | ### Configuration | Topic | URL | |-------|-----| | Use actions and attributes in Azure ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes | | Author Azure RBAC condition expressions and syntax | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format | | Meet prerequisites to use Azure RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites | | Configure and interpret Azure RBAC role assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments | | Understand and configure Azure RBAC role definitions | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions | | List and inspect Azure built-in and custom RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list | | Create Azure custom RBAC roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli | | Define Azure custom RBAC roles with PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell | ### Integrations & Coding Patterns | Topic | URL | |-------|-----| | Assign Azure RBAC roles using Bicep templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep | | Assign Azure RBAC roles with ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template | | Assign Azure RBAC roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli | | List Azure RBAC role assignments via Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli | | View Azure RBAC role assignments in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal | | List Azure RBAC role assignments using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell | | Query Azure RBAC role assignments using REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest | | Assign Azure RBAC roles using the Azure portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal | | Assign Azure RBAC roles starting from a managed identity | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity | | Assign Azure RBAC roles via PowerShell for all principals | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell | | Assign Azure RBAC roles through the REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest | | Assign Azure RBAC roles using ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template | | Grant group-based Azure RBAC access via PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell | | Grant Azure RBAC access using PowerShell commands | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell |
Related Skills
property-based-test-helper
25
from ComeOnOliver/skillshub
Property Based Test Helper - Auto-activating skill for Test Automation. Triggers on: property based test helper, property based test helper Part of the Test Automation skill category.
iam-role-generator
25
from ComeOnOliver/skillshub
Iam Role Generator - Auto-activating skill for AWS Skills. Triggers on: iam role generator, iam role generator Part of the AWS Skills skill category.
azure-ml-deployer
25
from ComeOnOliver/skillshub
Azure Ml Deployer - Auto-activating skill for ML Deployment. Triggers on: azure ml deployer, azure ml deployer Part of the ML Deployment skill category.
ansible-role-creator
25
from ComeOnOliver/skillshub
Ansible Role Creator - Auto-activating skill for DevOps Advanced. Triggers on: ansible role creator, ansible role creator Part of the DevOps Advanced skill category.
scanning-for-accessibility-issues
25
from ComeOnOliver/skillshub
This skill enables Claude to perform comprehensive accessibility audits. It uses the accessibility-test-scanner plugin to identify WCAG 2.1/2.2 compliance issues, validate ARIA attributes, check keyboard navigation, and assess screen reader compatibility. Use this skill when the user requests an accessibility scan, audit, or compliance check, or when terms like "WCAG", "ARIA", "screen reader", "accessibility testing", or "a11y" are mentioned. It provides actionable insights for improving web application accessibility.
accessibility-audit-runner
25
from ComeOnOliver/skillshub
Accessibility Audit Runner - Auto-activating skill for Frontend Development. Triggers on: accessibility audit runner, accessibility audit runner Part of the Frontend Development skill category.
access
25
from ComeOnOliver/skillshub
Manage Slack channel access control — pairing, allowlist, channel opt-in
auditing-access-control
25
from ComeOnOliver/skillshub
This skill enables Claude to audit access control implementations in various systems. It uses the access-control-auditor plugin to identify potential vulnerabilities and misconfigurations related to access control. Use this skill when the user asks to "audit access control", "check permissions", "assess access rights", or requests a "security review" focused on access management. It's particularly useful for analyzing IAM policies, ACLs, and other access control mechanisms in cloud environments, applications, or infrastructure. The skill helps ensure compliance with security best practices and identify potential privilege escalation paths.
azure-verified-modules
25
from ComeOnOliver/skillshub
Azure Verified Modules (AVM) requirements and best practices for developing certified Azure Terraform modules. Use when creating or reviewing Azure modules that need AVM certification.
azure-image-builder
25
from ComeOnOliver/skillshub
Build Azure managed images and Azure Compute Gallery images with Packer. Use when creating custom images for Azure VMs.
Role Skill Wrapper
25
from ComeOnOliver/skillshub
当前文件是 Manus 的 role skill 入口。
terraform-azurerm-set-diff-analyzer
25
from ComeOnOliver/skillshub
Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.